package iaik.security.rsa;

import iaik.asn1.structures.AlgorithmID;
import iaik.pkcs.pkcs1.MGF1;
import iaik.pkcs.pkcs1.MaskGenerationAlgorithm;
import iaik.pkcs.pkcs1.Padding;
import iaik.pkcs.pkcs1.RSAPssParameterSpec;
import iaik.security.md.SHA;
import iaik.utils.CryptoUtils;
import iaik.utils.Util;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;

/* loaded from: classes.dex */
public class RSAPssSignature extends b {

    /* renamed from: f, reason: collision with root package name */
    private static boolean f1110f = false;

    /* renamed from: a, reason: collision with root package name */
    public AlgorithmID f1111a;

    /* renamed from: b, reason: collision with root package name */
    public MaskGenerationAlgorithm f1112b;
    public int d;
    public byte[] e;
    private byte g;
    private RSAPssParameterSpec h;
    private RSAPssParameterSpec i;

    public RSAPssSignature() {
        this("RSASSA-PSS");
        e();
    }

    public RSAPssSignature(String str) {
        super(str, Padding.PADDING_NONE);
        this.g = (byte) -68;
    }

    public static void setValidateAgainstPssKeyParameters(boolean z) {
        f1110f = z;
    }

    @Override // iaik.security.rsa.b
    public int d() {
        return 100;
    }

    public void e() {
        this.f1142c = (AlgorithmID) AlgorithmID.sha1.clone();
        AlgorithmID algorithmID = (AlgorithmID) AlgorithmID.mgf1.clone();
        this.f1111a = algorithmID;
        algorithmID.setParameter(this.f1142c.toASN1Object());
        this.hash = new SHA();
        this.f1112b = new MGF1(this.f1142c, this.hash);
        this.d = 20;
        this.g = (byte) -68;
    }

    @Override // iaik.security.rsa.b, java.security.SignatureSpi
    public Object engineGetParameter(String str) {
        return engineGetParameters();
    }

    @Override // java.security.SignatureSpi
    public AlgorithmParameters engineGetParameters() {
        AlgorithmParameters algorithmParameters = null;
        if (this.f1142c == null || this.f1111a == null) {
            return null;
        }
        try {
            RSAPssParameterSpec rSAPssParameterSpec = new RSAPssParameterSpec(this.f1142c, this.f1111a, this.d);
            algorithmParameters = AlgorithmParameters.getInstance("RSASSA-PSS", "IAIK");
            algorithmParameters.init(rSAPssParameterSpec);
            return algorithmParameters;
        } catch (Exception unused) {
            return algorithmParameters;
        }
    }

    @Override // iaik.security.rsa.b, java.security.SignatureSpi
    public void engineInitSign(PrivateKey privateKey) {
        if (privateKey.getClass().getName().indexOf("IAIKPKCS11RsaPrivateKey") != -1) {
            super.engineInitSign(privateKey);
            MaskGenerationAlgorithm maskGenerationAlgorithm = this.f1112b;
            if (maskGenerationAlgorithm != null) {
                maskGenerationAlgorithm.reset();
                return;
            }
            return;
        }
        RSAPrivateKey rSAPrivateKey = Util.getRSAPrivateKey(privateKey);
        if (rSAPrivateKey instanceof RSAPssPrivateKey) {
            try {
                AlgorithmParameterSpec params = ((RSAPssPrivateKey) rSAPrivateKey).getParams();
                if (params != null) {
                    RSAPssParameterSpec rSAPssParameterSpec = this.i;
                    if (rSAPssParameterSpec == null) {
                        engineSetParameter(params);
                    } else if (f1110f) {
                        try {
                            if (!RSAPssPublicKey.a((RSAPssParameterSpec) params, rSAPssParameterSpec)) {
                                throw new InvalidKeyException("Application set parameters are not valid for PSS-Key used with this engine!");
                            }
                        } catch (InvalidParameterSpecException unused) {
                        }
                    }
                    this.h = (RSAPssParameterSpec) ((RSAPssParameterSpec) params).clone();
                }
            } catch (InvalidKeyException e) {
                throw e;
            } catch (Exception e2) {
                throw new InvalidKeyException(b.a.p(e2, b.a.j("RSA-PSS key contains invalid parameters: ")));
            }
        }
        super.engineInitSign(rSAPrivateKey);
        MaskGenerationAlgorithm maskGenerationAlgorithm2 = this.f1112b;
        if (maskGenerationAlgorithm2 != null) {
            maskGenerationAlgorithm2.reset();
        }
    }

    @Override // iaik.security.rsa.b, java.security.SignatureSpi
    public void engineInitVerify(PublicKey publicKey) {
        RSAPublicKey rSAPublicKey = Util.getRSAPublicKey(publicKey);
        if (rSAPublicKey instanceof RSAPssPublicKey) {
            try {
                AlgorithmParameterSpec params = ((RSAPssPublicKey) rSAPublicKey).getParams();
                if (params != null) {
                    RSAPssParameterSpec rSAPssParameterSpec = this.i;
                    if (rSAPssParameterSpec == null) {
                        engineSetParameter(params);
                    } else if (f1110f) {
                        try {
                            if (!RSAPssPublicKey.a((RSAPssParameterSpec) params, rSAPssParameterSpec)) {
                                throw new InvalidKeyException("Application set parameters are not valid for PSS-Key used with this engine!");
                            }
                        } catch (InvalidParameterSpecException unused) {
                        }
                    }
                    this.h = (RSAPssParameterSpec) ((RSAPssParameterSpec) params).clone();
                }
            } catch (InvalidKeyException e) {
                throw e;
            } catch (Exception e2) {
                throw new InvalidKeyException(b.a.p(e2, b.a.j("RSA-PSS key contains invalid parameters: ")));
            }
        }
        super.engineInitVerify(rSAPublicKey);
        MaskGenerationAlgorithm maskGenerationAlgorithm = this.f1112b;
        if (maskGenerationAlgorithm != null) {
            maskGenerationAlgorithm.reset();
        }
    }

    @Override // iaik.security.rsa.b, java.security.SignatureSpi
    public void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) {
        if (algorithmParameterSpec == null) {
            this.i = null;
            e();
            return;
        }
        if (!(algorithmParameterSpec instanceof RSAPssParameterSpec)) {
            throw new InvalidAlgorithmParameterException("Params must be a RSAPssParameterSpec!");
        }
        RSAPssParameterSpec rSAPssParameterSpec = (RSAPssParameterSpec) algorithmParameterSpec;
        int trailerField = rSAPssParameterSpec.getTrailerField();
        if (trailerField != 1) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("Trailer field number ");
            stringBuffer.append(trailerField);
            stringBuffer.append(" not supported by RSASSA-PSS. Expected ");
            stringBuffer.append(1);
            stringBuffer.append("!");
            throw new InvalidAlgorithmParameterException(stringBuffer.toString());
        }
        RSAPssParameterSpec rSAPssParameterSpec2 = this.h;
        if (rSAPssParameterSpec2 != null && f1110f) {
            try {
                if (!RSAPssPublicKey.a(rSAPssParameterSpec2, rSAPssParameterSpec)) {
                    throw new InvalidAlgorithmParameterException("Parameters are not valid for PSS-Key used with this engine!");
                }
            } catch (InvalidParameterSpecException unused) {
            }
        }
        this.f1142c = rSAPssParameterSpec.getHashAlgorithm();
        try {
            this.hash = rSAPssParameterSpec.getHashEngine();
            this.f1111a = rSAPssParameterSpec.getMaskGenAlgorithm();
            try {
                this.f1112b = rSAPssParameterSpec.getMGFEngine();
                int saltLength = rSAPssParameterSpec.getSaltLength();
                this.d = saltLength;
                if (saltLength < 0) {
                    throw new InvalidAlgorithmParameterException("Cannot set saltLength parameter; must not be negative.");
                }
                this.e = rSAPssParameterSpec.getSalt();
                SecureRandom secureRandom = rSAPssParameterSpec.getSecureRandom();
                if (secureRandom != null) {
                    a(secureRandom);
                }
                this.i = (RSAPssParameterSpec) rSAPssParameterSpec.clone();
            } catch (NoSuchAlgorithmException e) {
                StringBuffer j = b.a.j("Cannot set mask generation algorithm parameter; no mgf engine available: ");
                j.append(e.getMessage());
                throw new InvalidAlgorithmParameterException(j.toString());
            }
        } catch (NoSuchAlgorithmException e2) {
            StringBuffer j2 = b.a.j("Cannot set hash algorithm parameter; no hash engine available: ");
            j2.append(e2.getMessage());
            throw new InvalidAlgorithmParameterException(j2.toString());
        }
    }

    @Override // java.security.SignatureSpi
    public byte[] engineSign() {
        if (this.hash == null) {
            throw new NullPointerException("Cannot calculate signature. Digest engine must not be null!");
        }
        if (this.f1112b == null) {
            throw new NullPointerException("Cannot calculate signature. MGF engine must not be null!");
        }
        int b2 = b();
        int i = b2 - 1;
        int i2 = (i + 7) / 8;
        byte[] bArr = new byte[i2];
        byte[] a2 = a();
        int length = a2.length;
        if (this.d < 0) {
            this.d = 20;
        }
        int i3 = this.d;
        if (i2 < length + i3 + 2) {
            throw new SignatureException(b.a.f("Encoding error: emLen (", i2, ") shorter than hashLen + saltLen + 2!"));
        }
        byte[] bArr2 = this.e;
        int i4 = length + 8;
        byte[] bArr3 = new byte[i3 + i4];
        System.arraycopy(a2, 0, bArr3, 8, length);
        if (this.d > 0) {
            if (bArr2 == null) {
                SecureRandom c2 = c();
                if (c2 == null) {
                    throw new NullPointerException("Cannot calculate signature. No SecureRandom available!");
                }
                byte[] bArr4 = new byte[this.d];
                c2.nextBytes(bArr4);
                bArr2 = bArr4;
            }
            System.arraycopy(bArr2, 0, bArr3, i4, this.d);
        }
        byte[] digest = this.hash.digest(bArr3);
        int i5 = (i2 - length) - 1;
        int i6 = this.d;
        bArr[(i5 - i6) - 1] = 1;
        if (i6 > 0) {
            System.arraycopy(bArr2, 0, bArr, i5 - i6, i6);
        }
        this.f1112b.mask(digest, 0, digest.length, i5, bArr, 0);
        bArr[0] = (byte) ((255 >> ((i2 * 8) - i)) & bArr[0]);
        System.arraycopy(digest, 0, bArr, i5, length);
        bArr[i2 - 1] = this.g;
        try {
            byte[] a3 = a(bArr);
            int i7 = (b2 + 7) / 8;
            if (a3.length >= i7) {
                return a3;
            }
            byte[] bArr5 = new byte[i7];
            System.arraycopy(a3, 0, bArr5, i7 - a3.length, a3.length);
            CryptoUtils.zeroBlock(a3);
            return bArr5;
        } catch (Exception e) {
            throw new SignatureException(b.a.p(e, b.a.j("Signing error: ")));
        }
    }

    @Override // java.security.SignatureSpi
    public boolean engineVerify(byte[] bArr) {
        if (this.hash == null) {
            throw new NullPointerException("Cannot verify signature. Digest engine must not be null!");
        }
        if (this.f1112b == null) {
            throw new NullPointerException("Cannot verify signature. MGF engine must not be null!");
        }
        int b2 = b();
        int i = (b2 + 7) / 8;
        int i2 = b2 - 1;
        if (bArr.length != i) {
            throw new SignatureException(b.a.f("Invalid signature (length is not k (", i, ") octets!"));
        }
        try {
            byte[] a2 = a(bArr);
            int i3 = (i2 + 7) / 8;
            if (i3 < a2.length) {
                if (i2 % 8 != 0 || i3 != a2.length - 1) {
                    throw b.a.m(a2, "Invalid signature. Decrypted message too long");
                }
                byte[] bArr2 = new byte[i3];
                System.arraycopy(a2, a2.length - i3, bArr2, 0, i3);
                CryptoUtils.zeroBlock(a2);
                a2 = bArr2;
            }
            byte[] a3 = a();
            int length = a3.length;
            if (this.d < 0) {
                this.d = 20;
            }
            if (i3 < this.d + length + 2) {
                CryptoUtils.zeroBlock(a2);
                throw new SignatureException(b.a.f("Inconsitent length: emLen (", i3, ") shorter than hashLen + saltLen + 2!"));
            }
            if (a2[a2.length - 1] != this.g) {
                throw b.a.m(a2, "Invalid signature. Inconsistent trailer field.");
            }
            int i4 = (i3 * 8) - i2;
            if ((a2[0] & (65280 >> i4) & 255) != 0) {
                throw b.a.m(a2, "Invalid signature. Leftmost 8emLen - emBits not all zero.");
            }
            int i5 = i3 - length;
            int i6 = i5 - 1;
            this.f1112b.mask(a2, i6, length, i6, a2, 0);
            a2[0] = (byte) ((255 >> i4) & a2[0]);
            int i7 = (i5 - this.d) - 2;
            for (int i8 = 0; i8 < i7; i8++) {
                if (a2[i8] != 0) {
                    throw b.a.m(a2, "Invalid signature. Not all leftmost octets of DB are zero");
                }
            }
            if (a2[i7] != 1) {
                throw b.a.m(a2, "Invalid signature. Missing 0x01 octet");
            }
            int i9 = length + 8;
            byte[] bArr3 = new byte[this.d + i9];
            System.arraycopy(a3, 0, bArr3, 8, length);
            int i10 = this.d;
            if (i10 > 0) {
                System.arraycopy(a2, (i5 - i10) - 1, bArr3, i9, i10);
            }
            boolean secureEqualsBlock = CryptoUtils.secureEqualsBlock(this.hash.digest(bArr3), 0, a2, i6, length);
            CryptoUtils.zeroBlock(a2);
            CryptoUtils.zeroBlock(bArr3);
            return secureEqualsBlock;
        } catch (Exception e) {
            throw new SignatureException(b.a.p(e, b.a.j("Signature decryption error: ")));
        }
    }
}
